According to its mission statement, the annual conference “Computers, Privacy and Data Protection“ in Brussels aims to create a bridge between policy makers, academics, practitioners and activists, and aims to become Europe’s most important forum for the discussion of data protection and privacy issues.

This goal was certainly reached during the panel on Bahavioural Targeting and Profiling, where technologists, privacy advocates and attorneys each presented their own take and solutions for this very pertinent privacy issue.

All parties agreed that data collection is at the core of the online marketing business model and therefore had to be dealt with. One technologist suggested introducing the creation of a “cloudbroker”, who would be an intermediary between the consumer and the advertising agencies and would only pass on data of the consumer’s choosing.

Another IT professional repeated the old mantras of Do Not Track, more transparency, monitoring tools, privacy certifications and Privacy by Design.

A third one, Paul Francis, working for the Max Planck Institute in Germany, proposed a very sophisticated privacy based advertising model, called the PRIVAD project whereby a “dealer” would propose “software agents” for downloading in users’ computers. The user would then create their own data and profile with that software and pass it on to the dealer, who, after anonymizing the data, would pass it on to a broker. The broker and the ad agencies would thus only come into possession of separate bits of anonymous data, and would not be able to build profiles of users. The targeted ads would then be sent back to the user via the same anonymized paths.

One attorney on the panel drew attention to price discrimination as a result of profiling. One way this is happening today is via Groupon coupon offers, and he predicted this will happen more pervasively in closed networks like Facebook. He questioned the legality of such practices.

Privacy activist Alexander Hanff of PrivacyInternational proposed that, regardless of the claimed billions at stake for the ad industry, privacy is a human right and not for sale. He proposed straightforward opt-in for all.

One very good point was made in the audience that even when a consumer gives consent to the collection of a particular information, he/she does not necessarily give consent to the collection of multiple data into aggregated data and profiles. Therefore it seems that the concepts of PII and private data are outdated and need to be replaced by “aggregated data” and “identity”.

Jeff Chester of The Center for Digital Democracy stated that in the US, leading brands have built a pervasive commercial surveillance society and that they are selling individuals to the highest bidder. He warned the audience that the next frontier would be “neuromarketing’, whereby the advanced knowledge of how our brain functions would be put to use to influence consumers on a subconscious level.

Jeff conveyed how the ad industry is afraid of the EU data protection model, and instead is pushing towards a “make believe” regulation and self-regulation.

Another very interesting panel discussed Surveillance in the Netherlands.

The panelists portrayed a “surveillance” society, where people are watched by omnipresent CCTVs, where biometric passports are stored in central data bases, where pat downs and house searches occur without probable cause or warrant, where everyone is deemed guilty until proven innocent and where the citizens are so trusting of their government that they don’t even protest to these privacy invasive practices.

A very hot topic was the discussion of the EU Data Retention Directive, that is up for review. For more background on this matter, see this recent post on this blog.

Chris Soghoian spoke of the state of data retention in the US. He explained how, except for certain areas like finance, there is no mandatory retention requirement , but that a system of voluntary retention has developed. For example, ATT and Verizon are paid $ 8 million a year by the FBI to provide real time access to two years of stored records. Microsoft, Google, Sprint MySpace and Facebook all have retention policies in place for voluntary help to law enforcement. The public is largely unaware of these practices, since they are never disclosed in the privacy policies of these companies. Apparently TMobile is the only telecom NOT logging their customer’s information.

I suppose that at the time of the conference, Chris had not heard of the most recent rumors in the House concerning a possible imminent retention bill.

The most popular and widely attended panel was the one discussing the Revision of the EU Data Protection Directive consisting of

(from left to right): Achim Klabunde of the European Commission, Giovanni Buttarelli of the European Data Protection Supervisor’s office, Marie-Helene Boulanger of the European Commission, Jim Halpert of DLA Piper LLP, Jacob Kohnstamm, Chairman of the Article 29 Working Party & Dutch Data Protection Authority and Daniel Guagnin of the Technische Universitat Berlin (DE).

Marie-Helene Boulanger repeated the objectives of the revision: Strengthening of individual rights, enhancing harmonization, reinforcement of the data controller’s responsibility, a better integration of the 3rd pillar ( police and judiciary), and improvement of international data transfers.

The most interesting and provocative statement was made by Jacob Kohnstamm. He warned against puttng a disproportionate burden on the consumer by requiring his/her consent in a increasingly complex online ecosystem, that the consumer does not fully understand. He asked instead for more responsibility and accountability of the data controllers. He was very passionate about the fact that there is no other area in law where those selling products are not responsible for those products, and does not see why the sale of data should be an exception.

Jim Halpert drew attention to the fact that the EU model is slowing down business ( four months to receive the authorities’ approval for model contracts) and suggested Privacy by Design solutions to prevent problems at the front end.

In the audience, Tanguy Van Overstraeten of Linklaters suggested that a regulation instead of a directive would provide businesses with the legal certainty they need for global operations. While a regulation would be directly and equally binding on all member states,a directive would have to be implemented by each state individually and would inevitably lead to lack of harmonization and applicable law problems.

Peter Hustinx, in his recent opinion reviewed in this post , indeed recommended a regulation and not a directive.

Cloud Computing and Privacy Impact Assessments were other topics that provoked lively discussions on the panels as well as in the audience.

During the conference, EPIC presented the 2011 International Privacy Champion Award to European Parliament Member Sophie in’t Veld and the 2011 Domestic Privacy Champion Award to Jeff Chester, founder and executive director of the Center for Digital Democracy. In’t Veld was recognized for her work as “leading defender of fundamental freedoms,” Chester as a “tireless champion of consumer rights.”

Subscribe via Email

Privacy Policy

We do not sell, rent, trade or otherwise disclose email addresses or other personal information visitors submit through our website.
Please note that we use analytics performance cookies on our blog in order to collect aggregated and anonymised statistical data about our blog. By subscribing to or by using this website, you agree to these cookies being served on your computer or other electronic device.
Cookies are small text files that are placed on your machine to help the site provide a better user experience. You may prefer to disable cookies on this site. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.

Disclaimer

This website is for general information purposes only. Information posted is not intended to be legal advice.